The Information Commissioner’s Office said no regulatory action was needed.

The UEA said it had asked auditors how to prevent similar breaches and was now following their recommendations.

The offending email, sent in June to all American Studies students, contained personal data relating to 191 undergraduates.

It listed extenuating circumstances in which essay extensions and other concessions were granted.

Image copyrightUEA

Image caption
A second email was sent out after the error was discovered

Sophie Atherton, 22, a third-year American Studies student whose data was leaked, said: “It was devastating, actually. I was travelling back on the train and I just burst into tears.

“It felt like my life was on show for my entire department to see.”

She said it was “disappointing, to say the least” that no further action was being taken.

Ms Atherton said she was having counselling and considering legal action against the university.

The Information Commissioner’s Office (ICO), which investigates data breaches and can fine serious offenders, said: “After considering the facts in this case we found the breach didn’t meet all the requirements for the ICO to take regulatory action.

“However, we have issued the University of East Anglia with advice to assist it in improving its future compliance with the law.”

The UEA has yet to respond to request for comment, but published a report on its website into the data breach.

It claimed its response to contain the damage had been “timely and appropriate”, and that it had since introduced mandatory data protection training and tightened up procedures.